Java7 Refusing to trust certificate in trust store

java ssl ssl-certificate

Solution 1:

I actually had a somewhat similar issue, where a Tomcat application would trust the ca cert in the truststore when using Java 1.6 and reject it with java 1.7. After adding keyUsage to my ca certificate it works (after reading a bug report, JDK-7018897 : CertPath validation cannot handle self-signed cert with bad KeyUsage).

What I have done (Ubuntu 12.04 x64):

  1. Edit /etc/ssl/openssl.cnf and uncomment keyUsage line in v3_ca section.

  2. Generate new ca cert from old one with keyUsage included using the command:

    openssl x509 -in oldca.pem -clrext -signkey oldca.key -extfile /etc/ssl/openssl.cnf -extensions v3_ca -out newca.pem

  3. Delete old CA key from truststore and insert the new one.

Related

How to draw a circle path with color gradient stroke
Swift - Compressing video files
Python: is "except KeyError" faster than "if key in dict"?
How users/developers can set the Android's proxy configuration for versions 2.x?
How to speed up sql queries ? Indexes?
Why is the order of evaluation for function parameters unspecified in c++?
How to loop through JSON array?
this is error ORA-12154: TNS:could not resolve the connect identifier specified?
How to package a .NET library targeting the Universal Windows Platform?
including an icon into a self-contained JavaFX application (.exe)
How to change filetype association in the registry?
What Python GUI APIs Are Out There? [closed]